Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose a way to specify TLS version by node command line #27666

Closed
devanshu1111 opened this issue May 13, 2019 · 9 comments
Closed

Expose a way to specify TLS version by node command line #27666

devanshu1111 opened this issue May 13, 2019 · 9 comments
Labels
cli Issues and PRs related to the Node.js command line interface. feature request Issues that request new features to be added to Node.js. tls Issues and PRs related to the tls subsystem.

Comments

@devanshu1111
Copy link

Is your feature request related to a problem? Please describe.
Yes, we want to be TLS1.2 compliant. Checking the whole repository to make the whole code TLS1.2 complaint. We liked the existing idea of specifying cipher suit at "node --tls-cipher-list="ECDHE-RSA-AES128-SHA" server.js". We need similar command to specify TLS version.

Describe the solution you'd like
To specify the TLS version at node commandline. Similar to "node --tls-cipher-list="ECDHE-RSA-AES128-SHA" server.js"

Describe alternatives you've considered
Please describe alternative solutions or features you have considered.

@addaleax addaleax added cli Issues and PRs related to the Node.js command line interface. tls Issues and PRs related to the tls subsystem. labels May 13, 2019
@addaleax
Copy link
Member

The following CLI flags are available for current versions of Node:

  --tls-max-v1.2                            set default TLS maximum to TLSv1.2 (default: TLSv1.3)
  --tls-max-v1.3                            set default TLS maximum to TLSv1.3 (default: TLSv1.3)
  --tls-min-v1.0                            set default TLS minimum to TLSv1.0 (default: TLSv1.2)
  --tls-min-v1.1                            set default TLS minimum to TLSv1.1 (default: TLSv1.2)
  --tls-min-v1.3                            set default TLS minimum to TLSv1.3 (default: TLSv1.2)

Do any of these look like what you need?

@devanshu1111
Copy link
Author

Hi Team,
Is there a plan to backport it to version 10.0x ? It would be a huge help to us.

@bnoordhuis
Copy link
Member

It's under discussion, see #27432 (comment) (cc @sam-github)

I'll close this out as answered.

@sam-github sam-github reopened this May 16, 2019
@sam-github sam-github added the feature request Issues that request new features to be added to Node.js. label May 16, 2019
@sam-github
Copy link
Contributor

Reopened to track this as a feature (rather than making another).

These are meaningful for 10.x, so I can implement them (hopefully fairly easily, I'll take a look today or tomorrow):

  • --tls-min-v1.0/v1.1/v1.2
  • --tls-max-v1.0/v1.1/v1.2

While TLS1.3 does not exist for 10.x, what about --tls-max-v1.3 and --tls-min-v1.3?

I can either:

  1. not implement them (using them will error on unknown option)
  2. implement them by:
  • making TLS not have any implicit protocols for --tls-min-v1.3 (connections are only possible for apps that replace the defaults with specific config)
  • having it be a no-op for --tls-max-v1.3
  1. ...?

@sam-github
Copy link
Contributor

@devanshu1111 ☝️ opinions as to what would be helpful to you?

@devanshu1111
Copy link
Author

Thanks for looking into this.
We would like to have 1. not implement them (using them will error on unknown option) for TLSv-1.3.

@devanshu1111
Copy link
Author

Thanks, please let us know the specific version under 10.x when it gets implemented.

@BethGriggs
Copy link
Member

BethGriggs commented Feb 17, 2022

These options in exist in Node.js 12 (https://nodejs.org/dist/latest-v12.x/docs/api/cli.html#cli_tls_max_v1_2). The last ask in this issue was to backport to Node.js 10, which is now End-of-life.

edit: scratch that - they were shipped in v10.20.0 via #27946

@sameh1993
Copy link

whats the flag for node 14.16.0 ??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cli Issues and PRs related to the Node.js command line interface. feature request Issues that request new features to be added to Node.js. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

No branches or pull requests

6 participants